[CS-FSLUG] Networking with Ubuntu or Fedora Core 6 part 3

Tim Young Tim.Young at LightSys.org
Mon Feb 26 11:05:46 CST 2007


Where you change ssh to reliable, you will also need to add:
137:UDP
138:UDP
139:TCP

There will probably not be a check-mark for these services, but there 
should be an "other services" text box where you can type in the above 
lines.

    - Tim Young

P.S.  The lines below represent your firewall.  What you have are a bunch 
of rules which occur in order.  They consist of a pattern and an 
action.  If the network connection matches the pattern, then the action 
occurs.

You have a bunch of "ACCEPT" actions.  If the pattern is the printing 
protocol (dport 631), then it is accepted and allowed through the 
firewall.  At the end of the list is a rule which REJECTS all the 
packets which had not been allowed beforehand.  So if you do not see an 
"ACCEPT" rule for something in particular, it gets rejected.

If you want to see a list of the various things you can accept or 
reject, you can find it in /etc/services


Hilding wrote:
> Going to System - Security Level: and changing to mark SSH as reliable 
> will give you this iptables-save
>
> # Generated by iptables-save v1.3.5 on Mon Feb 26 17:26:09 2007
> *filter
> :INPUT ACCEPT [0:0]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [2:320]
> :RH-Firewall-1-INPUT - [0:0]
> -A INPUT -j RH-Firewall-1-INPUT
> -A FORWARD -j RH-Firewall-1-INPUT
> -A RH-Firewall-1-INPUT -i lo -j ACCEPT
> -A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
> -A RH-Firewall-1-INPUT -p esp -j ACCEPT
> -A RH-Firewall-1-INPUT -p ah -j ACCEPT
> -A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
> -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
> -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
> -A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
> -A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
> -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
> COMMIT
> # Completed on Mon Feb 26 17:26:09 2007
>
>
>
> Tim Young wrote:
>
>> Hi there,
>> One of the problems with a network with Linux is that there are a ton of 
>> ways to do everything.  If all you have is two Linux boxes, then you 
>> will want to use NFS file-sharing.  If you may sometime use a Windows 
>> box on your computer, you will want to set up Samba (You may do it 
>> instead of NFS.  They are not mutually exclusive, they just do the same 
>> thing two different ways.)
>>
>> With your problem of things not opening each other, my first guess is 
>> that you have a firewall set up.  You can determine if you have a 
>> firewall by running:
>>     iptables-save
>>
>> If it prints a lot of lines, then you have a firewall.  :)
>>
>> You may look at:
>> http://tldp.org/HOWTO/SMB-HOWTO.html
>> This tells you about file and printing.
>>
>> You will probably want to break things up into a few parts:
>>   Getting the computers to contact each other via the net.
>>     (firewalling, IP addresses, DNS, etc.)
>>   Sharing information
>>     (Samba, NFS, SSH, etc.)
>>
>> There is a Linux networking howto at tldp.org, but it gets very 
>> complex.  Since you already have IP addresses, I will assume that you 
>> just have a firewall blocking connectivity.  You can turn off your 
>> firewall a few ways.  Fedora uses a program called "lokkit" in the 
>> command-line world, but it has some interface in the GUI world.  I do 
>> not have FC6 so I don't know where it is.  If you have a firewall 
>> between you and the outside world, for now, just turn off your firewall.
>>
>> For sharing files, you will most likely end up setting up Samba.  It is 
>> horribly more complex than NFS, but it works in more cases than NFS 
>> does.  The samba link I gave you up there may be helpful.  But since you 
>> already set up some shares, most likely, when you have the firewall 
>> turned off, things will start working.  If not, I can give you a few 
>> commands that will tell you quickly where the problem is.
>>
>> Fedora used to allow root SSH by default, so my guess here is that once 
>> you have your firewall down, everything will work.  If not, ssh is 
>> usually very simple.  Make sure it is enabled at boot
>>     chkconfig sshd on
>> and then make sure it is currently started up
>>     service sshd start
>>
>> Then, from the machine you are on, ssh to yourself to see if it works 
>> locally.  If it does, then try it from the other computer.  Most all SSH 
>> issues, unless you have been playing with the sshd_config file, will be 
>> with the firewall or not having your service started.
>>
>> Hope that helps some.
>>
>>     - Tim Young
>>
>> HildingE wrote:
>>   
>>     
>>> Well, sorry to say I am returning to basics about creating a network, this 
>>> time with Fedora Core 6. Where can I find an easy-to-read HOWTO on installing 
>>> a network? I am just using a network between two Linux PCs. Besides Ubuntu I 
>>> am a little bit curious about Fedora Core 6, but it seems more 
>>> difficult to get it right.
>>>
>>> Places: connect to server - ssh - the addresses of the two computers, 
>>> 192.168.0.2 and 192.168.0.3  I am working as root, but it refuses to 
>>> open each other. I have made shared folders, but without any result.
>>>
>>> Regards in Lent.
>>>
>>> /Hilding in Gothenburg
>>>
>>> _______________________________________________
>>> ChristianSource FSLUG mailing list
>>> Christiansource at ofb.biz
>>> http://cs.uninetsolutions.com

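The first-match evaluation described in the P.S. above, run against the quoted RH-Firewall-1-INPUT chain, as an added example that is not part of the original message. The rule form used for ports 137, 138 and 139 is an assumption, the sample packets are constructed, and the matcher models only the fields these rules use.

```python
import shlex

# RH-Firewall-1-INPUT rules copied from the iptables-save output quoted above.
PAGE_RULES = """\
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p icmp -m icmp --icmp-type any -j ACCEPT
-A RH-Firewall-1-INPUT -p esp -j ACCEPT
-A RH-Firewall-1-INPUT -p ah -j ACCEPT
-A RH-Firewall-1-INPUT -d 224.0.0.251 -p udp -m udp --dport 5353 -j ACCEPT
-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 631 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
""".splitlines()

# Assumed form of the rules for the three ports from the message (not on the page).
SAMBA_RULES = [
    "-A RH-Firewall-1-INPUT -p %s -m state --state NEW -m %s --dport %d -j ACCEPT" % (p, p, n)
    for p, n in (("udp", 137), ("udp", 138), ("tcp", 139))
]

KEYS = {"-i": "iface", "-p": "proto", "-d": "dst", "--dport": "dport", "--state": "state", "-j": "target"}

def parse(line):
    """Turn one -A line into {field: value}; options not modelled here are skipped."""
    tok = shlex.split(line)
    return {KEYS[t]: tok[i + 1] for i, t in enumerate(tok[:-1]) if t in KEYS}

def verdict(rules, pkt):
    """Walk rules in order; the first whose every pattern field matches decides."""
    for n, rule in enumerate(map(parse, rules), 1):
        target = rule.pop("target")
        if all(str(pkt.get(k)) in v.split(",") for k, v in rule.items()):
            return target, n
    return "ACCEPT", 0  # chain policy; not reached here because of the final REJECT

def with_samba(rules):
    """Insert the new ACCEPT rules before the final catch-all REJECT."""
    return rules[:-1] + SAMBA_RULES + rules[-1:]

# Constructed sample packets arriving from the other PC on the LAN.
SSH = {"iface": "eth0", "proto": "tcp", "dport": 22, "state": "NEW"}
SMB = {"iface": "eth0", "proto": "tcp", "dport": 139, "state": "NEW"}
NBNS = {"iface": "eth0", "proto": "udp", "dport": 137, "state": "NEW"}

if __name__ == "__main__":
    for name, pkt in (("ssh", SSH), ("smb", SMB), ("nbns", NBNS)):
        print(name, verdict(PAGE_RULES, pkt), verdict(with_samba(PAGE_RULES), pkt))
```

Appending the same three rules after the final REJECT (`PAGE_RULES + SAMBA_RULES`) leaves port 139 rejected at rule 10, because evaluation stops at the first match.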



